Hi,

I am in the process of evaluting how to take our company forward with an easier to manage network, unfortunatley we don't have a massive budget. Currently we run as a workgroup of about 20-25 machines - I would like to make the move to a stable domain controller - for me there are two choices - win2k3 domain or a NT4 style Samba domain, obviously the difference in cost between the two is significant - which is why I am leaning heavily towards the linux option. I already have one linux server in our network acting as a local intranet server running LAMP and it has been great!

What I would like to achieve:

I would like to offer romaing profiles.
Once click sign on.
Map share netork drives depeding upon the department.
More secure network.
Easy way to backup the user profiles on the PDC to an external device? Tape Drive / USB Hard Drive / Network Share

Is Samba capable of what I am looking to acheive? I would be very intersted in hearing other opinions about those who run a samba PDC in the workplace and how they get on with it? Any major issues? Do is it just work?

I am looking to run the PDC on Feora Core - any reason not to?

Any help is greatly appreciated.

Thanks,

I run 2 Linux-based PDC systems - one in Australia (~60 users) and 1 in New Zealand (~6 users) - I mention the New Zealand one to highlight that we successfully remotely manage it.

Our systems run Samba over RedHat ES4 with an LDAP backend. Sometimes things get tricky, but generally things just tick along nicely. We have roaming profiles, but not 'true' single-sign-on - mainly due to our antique ERP system. (Raining Data 'D3' (nay 'R83', nay 'PICK') if anyone remembers that!! :P )

Having the LDAP backend makes it relatively easy to integrate with other systems so at least staff have a single username / password for most of our systems.

It's pretty easy to setup a login script (BAT or VBS) to map network drives on the client based on their group and/or username. Backup's are definitely 10000% easier having everyone running off a central storage.

Some of the more 'common' problems we experience are:
1) If Outlook doesn't get to close it's .PST file properly, Samba will sometimes maintain the lock on the server side, even after rebooting the client. You need to use smbstatus -l to find the lock, then kill the process that is maintaining the lock before Outlook will open again.
2) If the server goes offline while people are logged on, Windoze will change their "My Documents" location back to the local disk so staff will start freaking out that they're lsot all their files. We just manually change this back at the moment, although there's probably a better way (login script I'm thinking)

The most annoying part is setting up the MS client to actually 'use' the server, not just login to it. You need to manually change the "My Documents" folder to point to the server (we map it to H:\ and create a folder inside there called "My Documents" so each client uses "H:\My Documents"). You also need to change Outlook to store it's PST files on the server (pretty easy on 2003, not sure about 2000 or prior.) We just store it in H:\outlook.pst and H:\archive.pst

Good luck, it will be worth it!

Many thanks for the quick and great reply, seems like you have a nice setup going there.

Can samba act as BDC?


Cheers

I run a school nework in the UK with 800 users and 300 PCs running XP. We had a Redhat EL4 PDC with tdbsam (trivial database) backend. TDB is capable of handling over 500 user accounts from a single server but doesn't allow replication of the user database across servers preventing you from running as a BDC. This leaves LDAP as the only option.

So, the answer to your questions is:

I would like to offer romaing profiles.

Works for me

Once click sign on.

Same again

Map share netork drives depeding upon the department.

Use UNIX/Posix groups and Samba works with POSIX ACLs so you can use multiple users and groups on a share.

More secure network.

Undoubtably

Easy way to backup the user profiles on the PDC to an external device? Tape Drive / USB Hard Drive / Network Share

I use Rsync which synchronises the server's hard disks to a Buffalo Terastation NAS device (750GB in RAID 5 - About £430). It can be made to only update files on the NAS if they've changed on the server's drive so once you've done the initial sync it takes no time. I also back up 400GB tapes.

The Linux flavour we're using is Mandriva 2007 but I'm moving the backend stuff onto CentOS 5 which is Red Hat EL5 recompiled from source. I've also just switched from tdbsam to LDAP.

The best thing you can do is go to the documentation section of samba.org and download Samba 3 by Example and the official Samba 3 Howto. Everything you need to know is in these two documents (they've been my bible for ages) You can download nightly builds to get the latest info. Also be sure that you read the release notes for the version your using as there have been some updates to various things including the format of commands for access control to shares i.e. read list = and write list = which now require a different format for local machine and domain accounts.

Good luck, it's worth it. We had two 2 years with Redhat EL4 without a single minute of forced downtime.

Vlad,

That sounds like a great setup you have got there, I am also from the UK! It's good to see Schools are making greater use of Linux, you obviously have a very stable network and would have saved a massive amount of money in the process! Something a school would really appreciate.

How does Samba cope in a multi-branch setup? can we have one 'master' domain controller and have backup-controllers at the remote sites? or would it be best to install a PDC at each branch? I think I will be looking at an LDAP back-end to allow replication to another server.

I am going to setup a test server and see how I get on, I have had one configured previously and it worked, but I would like to have greater confidence before I role this out.

I was thinking of using rsync for backup to a NAS - seems pretty straightforward.

Many thanks,


Gavin

Hiya,

I must confess that I have no experience of multi-site so do not feel qualified to give you an answer on that one .

However, this fella here; http://skippy.net/linux/2000/smb-howto.html has.

Though the explanations are a bit simplistic every bit of info helps although I notice that he's replicating the user database to his "BDC" by copying a tdbsam file across using ssh which is OK at night when no-one's in the office but hazardous during the day. LDAP is definitely the way to go in your situation. Whether you want to have a central PDC and BDCs around it or all PDC's and interdomain trusts (can be done with samba) may need some experimetation in a sandbox.

Let me know how you get on

Cheers,

Jools

What part of the UK are you in?

Cheers,

jools

Durham and you?

Kent I'm afraid. Long way down.....

Cheers